noroad
1025 posts

Uber Geek
+1 received by user: 675

Trusted

  #1648075 9-Oct-2016 16:35

ageorge: Can I ring you for security reasons? Or would you like to leave it till tomorrow? I can live with renaming my host directory for overnight.

TBH, dealing with this during the working week is more appropriate.




yitz
2239 posts

Uber Geek
+1 received by user: 594


  #1648091 9-Oct-2016 17:00

Does Flip broadband redirect all port 25 traffic through to their SMTP?

noroad
1025 posts

Uber Geek
+1 received by user: 675

Trusted

  #1648093 9-Oct-2016 17:07

yitz: Does Flip broadband redirect all port 25 traffic through to their SMTP?

Nope, you have to set it if you want to relay. Otherwise port 25 is blocked. Customers are encouraged to use authenticated SMTPS to their email provider.




muppet
2644 posts

Uber Geek
+1 received by user: 1662

Trusted

  #1648106 9-Oct-2016 17:39

@noroad - You've grown soft in your old age ;-)


noroad
1025 posts

Uber Geek
+1 received by user: 675

Trusted

  #1648213 9-Oct-2016 20:28

muppet: @noroad - You've grown soft in your old age ;-)

** yep... I know, no more BOFH....


ageorge

626 posts

Ultimate Geek
+1 received by user: 53


  #1648281 10-Oct-2016 08:03

Seems I have sorted the spam problem. If it's fixed, unfortunately won't be able to determine the originator of this spam attack coming from Flip port.

Many thanks to user 'noroad' for his perseverance and once again Flip has shown they do give a toss about their users.

How I eventually fixed the problem: as described earlier, my method was almost there, but the tool wasn't suitable in this case. I figured it was definitely something happening in WordPress, and the method that worked:

NINJAFIREWALL WordPress addon, which is a comprehensive, recommended, free utility.
It detected a file called 'file65.php' which, by content, was immediately obvious to me as alien to WordPress.
Removing this file, the influx of spam seems to have stopped. So refer back to my previous post, ensure that permissions are set correctly as this is possibly how the alien file was introduced in the first place. Above all be careful about removing any file from WordPress. Make sure you do a backup of your offending WordPress installation before carrying out any such operation as I've suggested.

Kind regards,
Alistair.
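
The two checks the post above describes (spotting a PHP file that is alien to WordPress, and checking permissions) sketched as an added example; it is not part of the original thread and is not NinjaFirewall's code. The sample tree is constructed, and the location of 'file65.php' in it is an assumption, since the post does not say where the file was found.

```python
import os
import stat
import tempfile

CORE_ROOT_PHP = {  # top-level PHP files of a stock WordPress install
    "index.php", "wp-activate.php", "wp-blog-header.php", "wp-comments-post.php",
    "wp-config.php", "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php",
    "wp-load.php", "wp-login.php", "wp-mail.php", "wp-settings.php",
    "wp-signup.php", "wp-trackback.php", "xmlrpc.php",
}

def audit(root):
    """Return sorted (reason, relative_path) findings for a WordPress tree."""
    findings = set()
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            mode = os.lstat(full).st_mode
            # Symlink mode bits are not meaningful, so skip them here.
            if mode & stat.S_IWOTH and not stat.S_ISLNK(mode):
                findings.add(("world-writable", rel))
            if not (stat.S_ISREG(mode) and name.lower().endswith(".php")):
                continue
            if rel_dir == "." and name not in CORE_ROOT_PHP:
                findings.add(("unknown-root-php", rel))
            elif rel.startswith("wp-content/uploads/"):
                findings.add(("php-in-uploads", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample install; where file65.php sat is an assumption."""
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    for rel in ("index.php", "wp-login.php", "file65.php",
                "wp-content/uploads/photo.jpg", "wp-content/uploads/cache.php"):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(path, 0o644)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o777)  # deliberately too permissive
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit(build_sample_tree(tmp))

if __name__ == "__main__":
    print("\n".join(f"{reason:18} {path}" for reason, path in demo()))
```

A finding is a prompt to inspect the file, not proof of compromise; on a live site, WP-CLI's `wp core verify-checksums` compares core files against the official checksums.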


 
 
 

freitasm
BDFL - Memuneh
80658 posts

Uber Geek
+1 received by user: 41071

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1648283 10-Oct-2016 08:05

I don't understand how a seemingly compromised WordPress site hosted somewhere else could be Flip's problem.





 


ageorge

626 posts

Ultimate Geek
+1 received by user: 53


  #1648286 10-Oct-2016 08:12

freitasm: I don't understand how a seemingly compromised WordPress site hosted somewhere else could be Flip's problem.

Freitasm, it helps to read posts thoroughly before hitting the keys; you should know that.


freitasm
BDFL - Memuneh
80658 posts

Uber Geek
+1 received by user: 41071

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1648288 10-Oct-2016 08:20

I've read the posts but I do not think it is clear. It would be good to have an explanation on how and why it happened.





 


ageorge

626 posts

Ultimate Geek
+1 received by user: 53


  #1648294 10-Oct-2016 08:39

freitasm: I've read the posts but I do not think it is clear. It would be good to have an explanation on how and why it happened.

Summary: spam was coming from a port in Flip to my site through some sort of backdoor leverage (the 'file65.php'). I let Flip know and originally they didn't seem to give a toss about spamming until I made the situation known on Geekzone (AKA FairGo).

Typical case of support staff not understanding or knowing when something serious is happening.

However, as it's panned out, a senior member of Flip picked up on this post and demonstrated that he was serious about their customers.


Regards, Al. 


freitasm
BDFL - Memuneh
80658 posts

Uber Geek
+1 received by user: 41071

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1648301 10-Oct-2016 08:48

You are saying these messages were coming from someone else's connection and it just happens that you have a compromised install on an external network and by chance you're on Flip as well?

Couldn't these be coming from your computer? I find it hard to believe in coincidences, that's all.





 


 
 
 

richms
29104 posts

Uber Geek
+1 received by user: 10222

Trusted
Lifetime subscriber

  #1648636 10-Oct-2016 16:41

I still am not sure how a compromised WordPress install (which is what happens when you self host) would have had incoming spam from an ISP MTA? It's been a while since I have reluctantly dealt with WordPress and PHP in general and it never had its emails go out via any of the filtering on the host itself.





Richard rich.ms

ageorge

626 posts

Ultimate Geek
+1 received by user: 53


  #1648660 10-Oct-2016 17:22

richms: I still am not sure how a compromised WordPress install (which is what happens when you self host) would have had incoming spam from an ISP MTA? It's been a while since I have reluctantly dealt with WordPress and PHP in general and it never had its emails go out via any of the filtering on the host itself.

I don't know how it was happening either. There is a lot more to it than what I posted but I tried every trick in the book, e.g. Apache SpamAssassin settings to 0 and all mail settings to pick up any mail and dump into a spam folder. None worked, so the piece of code I removed is the only likelihood as bypassing anything else mail related except the Track log, strangely enough.

The hosting techs could not help and I was impressed that they did not close down my account, as often host services will do at the slightest hint of spam, your fault or otherwise.

Anyway, it's hopefully all done and dusted now and my original high esteem of Flip has been restored.

 

Thanks for your interest. Alistair.

 

 

 

 

